Pifthon: A Compile-Time Information Flow Analyzer For An Imperative Language
Sandip Ghosal, R. K. Shyamasundar
TL;DR
Pifthon is a compile-time analysis tool for Python-like programs that improves precision and usability in detecting information flow violations, supporting a wide range of programs and ensuring security properties.
Contribution
It introduces a hybrid labeling approach for compile-time information flow analysis in imperative languages, specifically implemented for a Python dialect called PyX.
Findings
Reduces labeling overhead for better usability.
Covers termination- and progress-sensitive channels.
Proven sound under non-interference property.
Abstract
Compile-time information flow analysis has been a promising technique for protecting confidentiality and integrity of private data. In the last couple of decades, a large number of information flow security tools in the form of run-time execution-monitors or static type systems have been developed for programming languages to analyze information flow security policies. However, existing flow analysis tools lack in precision and usability, which is the primary reason behind not being widely adopted in real application development. In this paper, we propose a compile-time information flow analysis for an imperative program based on a hybrid (mutable + immutable) labelling approach that enables a user to detect information flow-policy breaches and modify the program to overcome violations. We have developed an information flow security analyzer for a dialect of Python language, PyX, called…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsSecurity and Verification in Computing · Advanced Malware Detection Techniques · Network Security and Intrusion Detection